Everyone knows that the “insider threat” – company employees – are a major security risk, right?  Well, according to a recent report by computer forensics specialist Verizon Business, the biggest IT security risk to business is still external parties.

The report found that 74% of breaches resulted from external sources, and just 20% were caused by insiders.  And worryingly, most of the security issues found could be traced directly to bad decisions or poor security practice within IT departments, not end users.
 
As mentioned in our earlier post, ‘Why the blame game doesn’t work’, individuals are frequently blamed for security lapses, and this diverts attention away from the real problem.

With cybercrime exploding and a rising wave of malware already seen this year, companies need to be more vigilant than ever before.  That means taking a long, hard look at all aspects of security, and ensuring that policies are enforced by solutions at all stages.

So perimeter security should be leakproof.  Data should be encrypted, wherever it is.  Staff should be issued with secure USB flash drives, that feature mandatory encryption.  Only by delivering security at all levels, can companies really start to take control, instead of wasting time looking for people to blame for breaches.